Bug 1557436

Summary: Unnecessary requirement of CSR when running --certs-update-server
Product: Red Hat Satellite Reporter: Mario Mikocevic <mario.mikocevic>
Component: CertificatesAssignee: Eric Helms <ehelms>
Status: CLOSED ERRATA QA Contact: Nikhil Kathole <nkathole>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.2.14CC: chrobert, pcreech, sghai
Target Milestone: 6.5.0Keywords: Triaged
Target Release: Unused   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-14 12:37:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mario Mikocevic 2018-03-16 15:05:58 UTC 
Please *remove* requirement of '--certs-server-cert-req' option when 'upgrading' to the new CA.
CSR is *not* required for runtime and `satellite-installer` wrongly burps error ->

[root@lxsatapv1p work]# satellite-installer --scenario satellite --certs-server-cert /etc/pki/tls/certs/lxsatapv1p.crt --certs-server-key /etc/pki/tls/private/lxsatapv1p.key --certs-server-ca-cert /etc/pki/tls/certs/ca-bundle.crt --certs-update-server --certs-update-server-ca
Marking certificate /root/ssl-build/lxsatapv1p.dc.ht.hr/lxsatapv1p.dc.ht.hr-apache for update
Marking certificate /root/ssl-build/lxsatapv1p.dc.ht.hr/lxsatapv1p.dc.ht.hr-foreman-proxy for update
Marking certificate /root/ssl-build/katello-server-ca for update
 "" is not an absolute path. at /usr/share/katello-installer-base/modules/certs/manifests/init.pp:116 on node lxsatapv1p.dc.ht.hr
 "" is not an absolute path. at /usr/share/katello-installer-base/modules/certs/manifests/init.pp:116 on node lxsatapv1p.dc.ht.hr
Preparing installation Done
  Something went wrong! Check the log for ERROR-level output
  The full log is at /var/log/foreman-installer/satellite.log
Comment 4 Nikhil Kathole 2018-12-14 07:01:50 UTC 
VERIFIED

Version tested:
Satellite 6.5 snap 7

--certs-server-cert-req not required while updating ca (--certs-update-server)
Comment 7 errata-xmlrpc 2019-05-14 12:37:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222